Workforce migration has posed significant challenges for organizations, especially since 50 percent had no plan ready last year to accommodate an overnight transition to fully-remote employees. Potential misconfigurations left behind by this rapid transition increased the attack surface for threat actors, who have developed more sophisticated attack strategies with the commoditization of advanced tools and tactics.
New threats like APT-hackers-for-hire offering their services to the highest bidder pose particular dangers to small and mid-sized organizations, which now must update their threat models and security policies to respond. Here are some steps they can take to improve security:
- Know the organization’s network and assets.
Before executing a security strategy, it’s important to have a complete account and inventory of all device types and assets, as well as an accurate blueprint of the organization’s network infrastructure. Understanding the company’s network topology, architecture and even how it’s mapped in its physical space can help build an effective security strategy tailored to the organization’s infrastructure and assets.
For example, some devices may not support the deployment of security clients, so securing them becomes a matter of network policies. Internet of Things (IoT) devices fall within this category, as well as industrial equipment, some medical devices, and other industry-specific assets, based on the company’s profile.
However, while 75 percent of CIOs and CISOs believe the use of IoT within their infrastructure has increased their knowledge of how to protect them, around 20 percent say these devices will spread faster than they can be secured.
- Segregate and segment the network.
An unsegmented network can affect both traffic and security. Breaking the network into smaller chunks can help build trust and allow access control, enabling security and IT teams to prevent unauthorized access to critical areas while enforcing specific security policies based on how critical the assets are within than network area.
This makes management easier, and it also prevents attackers from quickly moving laterally across the network to access business-critical data. This degree of strict control and visibility over the network can also help spot suspicious or anomalous inbound or outbound traffic.
Security professionals should also understand that almost half (47 percent) of all reported network-level attacks involve server message block (SMB) exploits, and that brute force attempts on remote desktop protocol (RDP) and file transfer protocol (FTP) account for 42 percent of all reported network-level attacks.
- Train employees on cyber.
With employees feeling more relaxed working from home and paying less attention to security best practices, three in 10 CIOs and CISOs fear that remote workers are the root cause of a data breach. One of the biggest human risk factors for security teams to mitigate is the reuse of old passwords that may have been leaked in previous breaches.
Consider educating employees on how to create unique, complex, and easy-to-remember passwords as well as the danger of reusing those passwords a first step towards beefing-up security. It’s also vital to train employees on how to identify spearphishing emails and the procedures they need to follow for reporting them, as attackers have become very adept at creating seemingly legitimate emails that slip past detection.
Companywide mandatory security training programs performed regularly can help employees stay informed, adhere to security best practices, and even learn about new security policies and procedures established by IT and security teams. Human beings are usually the weakest link in the cybersecurity chain, and organizations are only as cyber resilient as its least-prepared employee.
- Develop an incident response plan.
Preparing a predefined chain of actions that need to occur after identifying a potential data breach can make a lot of difference in terms of business continuity. An incident response plan helps security and IT teams understand what immediate actions they need to take for identifying, containing, and mitigating a potential threat. It also helps the important stakeholders assess the potential impact and escalate to the appropriate teams or business leaders.
Following each investigated incident, security teams should get in the habit of reviewing and revising the incident response plan and update it with lessons learned, to either incorporate new practices or optimize existing procedures.
- Pick the right security teams and tools.
With almost half (43 percent) of security decision makers agreeing they’re affected by the current global skills deficit, it’s challenging to build the right security teams and pick the right security tools. While some organizations have the budget to increase headcount, finding the right mix of security skilled employees takes time, which many companies lack.
For time and resource-constrained organizations, managed detection and response (MDR) services that act as highly specialized threat-hunting teams, capable of either augmenting existing SOC capabilities or fully managing an organization’s security posture, are worth considering. As an added benefit, these specialized security services come at a fraction of the costs associated with retaining them in-house, but bring years of security knowledge, threat hunting and investigations expertise.
Working on a predefined and preapproved set of actions triggered by a specific threat scenario, MDR teams leverage the full spectrum of tools to deliver full visibility across the organization’s infrastructure. This visibility lets organizations maintain a more proactive posture that helps in terms of quickly finding and eradicating threats before catastrophic damage occurs.
While there’s no recipe for success in terms of the right mix of technologies, processes and compliance that guarantee the best cybersecurity posture, it’s also important to know how cybercriminals operate and what tools they use. The MITRE ATT&CK framework offers great insights into the attack tactics and techniques threat actors commonly employ when compromising enterprise networks, and can serve as a blueprint or checklist for things to identify and protect against.
Balancing best practices, compliance regulations and necessary cybersecurity technologies comes down to understanding how much the company has to lose in a data breach and how much proactive effort it’s willing to make to limit potential fallout and ensure business continuity.
Liviu Arsene , global cybersecurity researcher, Bitdefender